Email spoofing is a common technique used in business spam and phishing attacks and is a form of impersonation. With email spoofing attacks, the scammer forges email addresses, names and headers so that, when these emails are sent, the email software displays these details which most recipients take at face value.

Scammers who attempt to carry out email spoofing attacks will likely target businesses where they can easily access information on the internal hierarchy. They will then use this information to impersonate business owners, CEOs and managers, before emailing employees within the business who will be more likely to open and respond to emails from these senders, falling victim to an email spoofing attack. 

Scammers use email spoofing attacks because they know that employees are more likely to engage with them. The aim of email spoofing attacks is to encourage the recipient to open malware-infected attachments, click on suspicious links, send sensitive data and ask for payments on behalf of the person who they are impersonating. 

Because of the way that email protocols work, this type of cyber attack has been common for decades, but that doesn’t mean that people are familiar with the signs of an email spoofing attack. As part of cyber security awareness month, in our latest CYFOR Secure blog, we take a look at how to spot an email spoofing attack and the ways you can protect yourself and your business from the damage of an email spoofing attack.

How does an email spoofing attack work?

The main goal of email spoofing attacks is to trick users into believing that the email they have received is from someone else, likely someone they know and trust. By exploiting that trust, the attacker will then ask the recipient to divulge sensitive information or take another action, such as sending a payment. Another technique used by email scammers is Business Email Compromises (BEC), which is another form of a phishing attack. 

A common type of email spoofing attack is when scammers create an email that looks as though it has been sent from PayPal. They usually impersonate a client asking for payment, or ask the recipient to re-authenticate their account by clicking on a link and submitting their personal information. 

Email spoofing attacks are successful because the scammer will use email impersonation, where they closely replicate an original email address typically used by someone higher up in the business. This then allows them to trick and deceive recipients. Email spoofing attacks will typically replicate the display name which is identical to that of the person they are impersonation, but will then have a different email address. In most cases, recipients won’t see this within their email unless they click on it, so it is well disguised. 

There are a few further things you can check to help determine whether or not an email is part of an email spoofing attack. 

Check the email header information

Email headers contain a large amount of tracking information and can show where the email has travelled across the internet. Email programmes may display this information differently, but there are some tips to help you identify a spoofed message. 

  • Identify the ‘From” email address matches the display name

At a first glance, the email address may look legitimate, but on closer inspection, the email header may reveal that the email address associated with the display name is actually from another sender. 

  • Match the ‘Reply-To’ header to the source

This information is typically hidden from the recipient when receiving an email and can be overlooked when responding. If the ‘reply-to’ address doesn’t match the sender or the website which they claim to be representing, then there is a high possibility that it is an email spoofing attack. 

Question the email contents

Sometimes, the best way to protect yourself from falling victim to an email spoofing attack is to trust your instincts. If you receive an email from someone you know that seems to be out of the ordinary, then this should raise a red flag and urge you to investigate further. If you receive an unsolicited email or one that is highly unusual to be from the claimed sender, then take a look at the email contents. If the sender is asking you for sensitive information, to send money or click on suspicious links, then always be wary about doing so. 

If the email seems suspicious and you’re not sure, then it is always best to contact the supposed sender through a trusted phone number or start an outgoing email using their regular email address asking if they meant to ask you for personal information. Always avoid replying to the original suspicious email.

How to protect yourself from an email spoofing attack

If you’ve received potential email spoofing attacks, or just want to add some more security to your emails and business, then there are things you can do to protect yourself from future email spoofing attacks. 

Use email security protocols

Email security protocols can form the first line of defence against email spoofing attacks and use domain authentication to reduce potential spam emails and threats. Typical email security protocols in place include Domain-based Message Authentication which detects forged sender addresses during the delivery phase, but only during the envelope of the email. Reporting and Conformance (DMARC) which, when used with Sender Policy Framework (SPF), can help to detect a forged “visible sender” that is most commonly used in spam and phishing. 

Install antimalware solutions

Antimalware solutions can detect and block spoofed emails before they even reach the target’s inbox. If you implement antimalware solutions, then it’s important to keep them up to date, as attackers can be savvy in that they can be alerted to newly-identified vulnerabilities, acting quickly to exploit them through email spoofing attacks. 

Invest in managed cyber security

A lot of email spoofing attacks can often be the result of a spammer scoping out your business and seeing potential vulnerabilities. With cyber security attacks, it’s often a matter of when, not if, a business falls victim to one, so having cyber security protection in place can ensure your business is protected from all angles. Here at CYFOR Secure, we provide managed IT support, no matter your business, to ensure any risks are mitigated.

If you believe you may have fallen victim to an email spoofing attack, or someone in your business has provided important information or paid “invoices” of any kind, contact our Cyber Incident Response team as soon as possible to help your business quickly recover and protect against further damage.